Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers.
Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-...
to sha-7f92a06
. The documentation for self-hosting SSOReady is available here.
Vulnerability was discovered by @ahacker1-securesaml. It's likely the precise mechanism of attack affects other SAML implementations, so the reporter and I (@ucarion) have agreed to not disclose it in detail publicly at this time.
{ "nvd_published_at": "2024-10-09T19:15:14Z", "cwe_ids": [ "CWE-347" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-10-11T16:58:36Z" }